Daily Cybersecurity Roundup, November 28, 2024

Hackers are taking their malware to the gaming world. GodLoader, embedded in the Godot game engine, has compromised over 17,000 systems across platforms, using malicious scripts to steal credentials and install crypto miners. Reconnaissance meets exploitation in UNC2465’s toolkit. Leveraging the SMOKEDHAM backdoor for access, this financially-motivated threat actor employs tools like Advanced IP Scanner and BloodHound to map victim networks before launching further attacks. Fake stores are turning Black Friday into a hacker’s dream. Netcraft identified a massive surge in fraudulent SHOPYY domains, preying on unsuspecting shoppers. Here are the top 10 highlights.

01

Hackers utilized the GodLoader malware, taking advantage of the popular Godot game engine to infect over 17,000 systems across multiple platforms.

02

Financially-motivated threat actor UNC2465 has been found leveraging the SMOKEDHAM backdoor for initial access. It also uses tools like Advanced IP Scanner and BloodHound for reconnaissance.

03

South Korea-linked cyber-espionage group APT-C-60 conducted a cyberattack on an organization in Japan using a job application theme to deliver the SpyGlace backdoor.

04

Threat actors are actively exploiting a critical authentication bypass flaw (CVE-2024-11680) in ProjectSend, allowing them to upload webshells and gain remote access to servers.

05

The PixPirate malware, originally targeting financial services in Brazil, has evolved to spread through WhatsApp and now affects countries like India, Italy, and Mexico.

06

A new phishing campaign deceives people into thinking they have lost their jobs. It starts with an email that looks like a legal notice of termination. This attack targeted 14 customers, indicating a single actor behind it.

07

In a supply chain attack, the software package @0xengine/xmlrpc was stealthily compromised to steal sensitive data and mine cryptocurrency on infected systems.

08

Netcraft identified a 110% surge in fake stores on SHOPYY between August and October, aimed at Black Friday shoppers. Over 9,000 fake store domains were detected from November 18–21.

09

Zabbix has released urgent security updates for a critical vulnerability (CVE-2024-42330) that could allow attackers to execute arbitrary code on vulnerable systems.

10

The cybercriminals behind Banshee Stealer have reportedly shut down their operation after the source code for the macOS malware was leaked on GitHub.